Keycloak Source MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add -e "KEYCLOAK_SOURCE_PATH=${KEYCLOAK_SOURCE_PATH}" keycloak-source -- npx -y keycloak-source-mcp
Required:KEYCLOAK_SOURCE_PATH
README.md

Navigate and understand Keycloak source code locally with AI

keycloak-source-mcp

An MCP (Model Context Protocol) server that allows AI assistants to navigate and understand Keycloak source code locally. Built for developers creating Keycloak customizations — SPIs, Authenticators, Required Actions, Token Handlers, User Policies, and more.

Prerequisites

  • Node.js 18+
  • Keycloak source code cloned locally
  • ripgrep (rg) recommended for fast search — falls back to grep if not installed

Installation

Quick Start with npx

No installation needed — just configure your MCP client:

{
  "mcpServers": {
    "keycloak-source": {
      "command": "npx",
      "args": ["-y", "keycloak-source-mcp"],
      "env": {
        "KEYCLOAK_SOURCE_PATH": "/absolute/path/to/your/keycloak/source"
      }
    }
  }
}

Clone Keycloak Source

git clone https://github.com/keycloak/keycloak.git

Install ripgrep (recommended)

# macOS
brew install ripgrep

# Ubuntu/Debian
sudo apt install ripgrep

# Windows
choco install ripgrep

Configuration

Set the KEYCLOAK_SOURCE_PATH environment variable to point to your local Keycloak source checkout:

export KEYCLOAK_SOURCE_PATH=/path/to/keycloak

Tools

search_class

Search for a Java class or interface by name.

> search_class("AuthenticationProcessor")

Search results for class: "AuthenticationProcessor"
  services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
    Package: org.keycloak.authentication
    public class AuthenticationProcessor {

get_class_source

Get the full source code of a Java class.

> get_class_source("services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java")

File: services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
============================================================

package org.keycloak.authentication;
...

find_interface_implementors

Find all classes that implement a given interface or extend a given class.

> find_interface_implementors("Authenticator")

Implementors/subclasses of: "Authenticator"
  services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java:25
    public class UsernamePasswordForm extends AbstractUsernameFormAuthenticator implements Authenticator
  ...

search_spi_definitions

List SPI definitions from META-INF/services files.

> search_spi_definitions("Authenticator")

SPI Definitions (filter: "Authenticator")
============================================================
Found 2 SPI definition(s):

  SPI Interface: org.keycloak.authentication.AuthenticatorFactory
  File: services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
  Implementations:
    - org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory
    ...

grep_source

Full-text regex search across the entire codebase.

> grep_source("@AutoService", "*.java", 10)

Search results for: "@AutoService" (files: *.java)
  server-spi/src/main/java/org/keycloak/provider/Spi.java:3:import com.google.auto.service.AutoService;
  ...

explain_implementation

The primary tool for understanding Keycloak internals. Accepts natural language queries about features or specific class names. Orchestrates deep source analysis including class hierarchies, interface method signatures, SPI extension points, implementations, and dependencies.

Topic query — conceptual overview:

> explain_implementation("authentication flow")

Keycloak Implementation Analysis: "authentication flow"
============================================================

Key Classes
----------------------------------------
  AuthenticationProcessor
    File: services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
    Processes authentication flow executions
    Key methods: authenticate, attachSession, ...

Main Interfaces
----------------------------------------
  Authenticator
    File: server-spi/src/main/java/org/keycloak/authentication/Authenticator.java
    An authenticator is responsible for authenticating a user in the context of an authentication flow.
    Methods:
      - void authenticate(AuthenticationFlowContext context) — Called to authenticate a user
      - void action(AuthenticationFlowContext context) — Called after a form action has been submitted
      - boolean requiresUser() — Does this authenticator require the user to already be identified?
      ...

Default Implementations
----------------------------------------
  UsernamePasswordForm implements Authenticator
    File: services/src/main/java/org/.../UsernamePasswordForm.java
    Username/password form authenticator implementation

SPI Extension Points
----------------------------------------
  META-INF service: org.keycloak.authentication.AuthenticatorFactory
    Registered providers:
      - org.keycloak.authentica

Tools (6)

search_classSearch for a Java class or interface by name.
get_class_sourceGet the full source code of a Java class.
find_interface_implementorsFind all classes that implement a given interface or extend a given class.
search_spi_definitionsList SPI definitions from META-INF/services files.
grep_sourceFull-text regex search across the entire codebase.
explain_implementationOrchestrates deep source analysis including class hierarchies, interface method signatures, and SPI extension points.

Environment Variables

KEYCLOAK_SOURCE_PATHrequiredAbsolute path to the local Keycloak source code repository

Configuration

claude_desktop_config.json
{"mcpServers": {"keycloak-source": {"command": "npx", "args": ["-y", "keycloak-source-mcp"], "env": {"KEYCLOAK_SOURCE_PATH": "/absolute/path/to/your/keycloak/source"}}}}

Try it

Explain how the authentication flow works in Keycloak.
Find all classes that implement the Authenticator interface.
Search for the definition of the AuthenticationProcessor class.
Find all occurrences of @AutoService in the codebase.
List the SPI definitions for AuthenticatorFactory.

Frequently Asked Questions

What are the key features of Keycloak Source?

Search for Java classes and interfaces by name. Retrieve full source code for specific files. Identify interface implementors and class subclasses. List SPI definitions from META-INF/services. Perform full-text regex searches across the codebase.

What can I use Keycloak Source for?

Developing custom Keycloak SPIs and authenticators. Analyzing existing authentication flows for debugging. Tracing dependencies and class hierarchies in the Keycloak codebase. Understanding how to implement new Token Handlers or User Policies.

How do I install Keycloak Source?

Install Keycloak Source by running: npx -y keycloak-source-mcp

What MCP clients work with Keycloak Source?

Keycloak Source works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Keycloak Source docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all ai-tools servers →

Related MCP Servers

Skill Seekers
The data layer for AI systems.
ai-tools11.1K stars
Context Mode
The other half of the context problem.
ai-tools5.6K stars
Semiotic
A React data visualization library designed for AI-assisted development.
ai-tools2.6K stars
RocketRide
Self-hosted, open-source AI pipeline platform for MCP tools
ai-tools1.6K stars
Context+
Semantic Intelligence for Large-Scale Engineering.
ai-tools1.5K stars
ShipSwift
AI-native SwiftUI component library — production-ready code for LLMs
ai-tools1.3K stars